Effective Vulnerability Management

by Chris Hughes, Nikki Robinson
April 2024
Content level: Intermediate to advanced
288 pages
7h 33m
English
Wiley
Content preview from Effective Vulnerability Management

3 Secure Configuration

While some vulnerabilities are inherent to software and services and intrinsic aspects of a digital environment, others are tied to how a specific product, software, or service is configured. This chapter covers the topic of secure configurations and discusses various aspects such as regulatory frameworks, common misconfigurations, and industry secure configuration guidance.

Regulations, Frameworks, and Laws

Regulatory frameworks and laws play a significant role in advocating for the industry adoption of best practices and secure configurations. For example, the Center for Internet Security (CIS) Benchmarks align closely and map to frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), the Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA).

In the defense space, there are requirements for utilizing the Department of Defense's (DoD) Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) where possible, and to utilize vendor- and industry secure configuration guidance in the absence of STIG availability. The reason is that most products and software don't come to customers and consumers in a “hardened” state. This is due to the inherent give and take between concepts such as usability and security. Suppliers are often trying to make products as feature-rich, capable, and easy to use as possible, ...


ISBN: 9781394221202